CAN-SPAM Law Won't, Critics Say
WASHINGTON--The first federal antispam law may be on its way to reality, but many antispam advocates say it won't stem the flood into e-mail users' in-boxes.
The Senate unanimously approved the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act last week. It requires e-mail users to opt out of unwanted commercial e-mail, instead of requiring e-mail senders to get permission before sending. That approach is backwards, say vendors of antispam technologies and at least one consumer advocacy group.
Only Partly There
The bill gives consumers little control over spam, says Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial Email (CAUCE). Everett-Church says he is encouraged that the bill includes an amendment requiring the Federal Trade Commission to consider a national do-not-spam e-mail registry, but it doesn't require the FTC to actually implement such a list.
A 1991 law authorized the Federal Communications Commission to create a national do-not-call telemarketing registry, which took effect in early October--12 years later, Everett-Church notes. The FTC has expressed concerns about creating and maintaining a massive do-not-spam list, and CAN-SPAM's opt-out approach basically lets spammers continue to e-mail until they're told to stop, he adds.
"Until the FTC decides whether or not they care to create a do-not-e-mail list, [CAN-SPAM] creates essentially carte blanche permission for spammers to send unlimited quantities of e-mail to the consumer," Everett-Church says. "I'm deeply concerned that we may never see a do-not-e-mail list, and until such a time as we do, we will see an unlimited right to see spam."
The CAN-SPAM Act requires commercial e-mail senders to provide valid opt-out mechanisms. It fines senders up to $100 per e-mail message sent with misleading header information, and supports fines of up to $3 million for some types of spam. But Everett-Church questions whether state and federal law enforcement agencies have the time to go after spammers, especially since CAN-SPAM does not provide additional funding. The FTC and state attorneys general are responsible for most spam enforcement under the bill.
First Step, Say Sponsors
Cosponsors of the bill, Senators Conrad Burns (R-Montana) and Ron Wyden (D-Oregon), defend it, saying it is one necessary piece in a multipronged fight. Technology also needs to be part of the spam wars, but CAN-SPAM should send a "strong message" to spammers, said a Burns spokesperson.
"No legislation will be a silver bullet against spam, but the Burns-Wyden legislation gives consumers considerable control over the e-mail coming to their in-boxes by backing up the law's requirements with stiff civil and criminal penalties," says a Wyden spokesperson, responding by e-mail. "This is a good step toward taking back the Internet from the 'kingpin spammers'--the worst actors of the online world."
Not surprisingly, vendors of antispam technologies agree technology should part of the solution. Some suggest antispam technologies will go further to help e-mail users than CAN-SPAM will. The spirit of the law is headed in the right direction, and CAN-SPAM can help set a moral tone against spam, says Dave Jevans, senior vice president of marketing at Tumbleweed Communications, an e-mail firewall vendor.
He says CAN-SPAM isn't even enforceable. It's difficult to validate the identity of any Internet user, and a large percentage of spam comes from outside the U.S., he notes. CAN-SPAM might make some potential spammers think twice before getting into the business, but spam continues to double about every two months, he says.
"The growth will outweigh by far the amount of spam stopped by CAN-SPAM," Jevans says. He urges a blend of legislative and technological approaches. For example, e-mail could be required to carry a digital signature establishing the sender's identity, he says.
Won't Hurt the Bad Guys?
Another antispam vendor is even more pessimistic about CAN-SPAM's effectiveness. A law might stop legitimate marketers from using spam techniques, but it does nothing to stop hackers from using spam as a tool for identity theft, says Pete Privateer, senior vice president for product strategy and marketing at security and antispam vendor Internet Security Systems.
"This bill is like trying to write a law to ban viruses," Privateer says. "It's just about that effective. I expect the volume of traffic in your in-box to increase."
But Al DiGuido, chief executive officer of e-mail marketing services provider Bigfoot Interactive, says CAN-SPAM will at least clear up the confusion of more than 30 state laws dealing with spam. "We're really excited about federal guidelines that will put an end to all the chaos and confusion on a state-by-state basis," he says.
DiGuido agrees with Wyden that legislation should be only one part of the strategy in the spam wars. He recommends reputable marketers work on a fee-based e-mail system, where they pay a small fee to ISPs to create whitelists, which list commercial entities that are permitted to send e-mail, to ensure that their messages are delivered.
"There will be some real teeth put behind the law that will impose jail terms and significant penalties from a dollars and cents standpoint," DiGuido says. "We also think...the criminal element has been trying to evade the law for some time now, so they'll continue to try to find ways to evade the law."